Re: [Stripes-users] Password Logging as plain text

[Stone, Timothy]

 

> -Original Message-
> From: Thomas Schlosser [mailto:tho...@schlosser-home.de] 
> Sent: Tuesday, April 14, 2009 3:17 PM
> To: stripes-users@lists.sourceforge.net
> Subject: [Stripes-users] Password Logging as plain text
> 
> Hi,
> I have found out that stripes logs the values(also values from
> stipes-password-tag) as plain text, when the 
> Validation-annotation is used with the required-param.
> 2009-04-14 17:13:08,246 DEBUG [http-8080-Processor25] 
> (Log.java:183) - Checking required field: password, with 
> values: [secret]

While I do not have a solution to pass along, I have suggestion based on
what we use here: a field annotation.

@Secure for example prints on the object's toString method the last four
digits of an SSN.

Conceivably, one could have a @PasswordSecure annotation on the field
that simply masks the whole field with "*" in the log.

> 
> I think this is a security hole, therefore I wrote my own 
> ActionBeanPropertyBinder and removed the logging of the value.
> But isn't it a generally problem, which should be fixed in 
> the DefaultActionBeanPropertyBinder?
> 
> Cheers,
> Thomas

Regards,
Tim


Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
This SF.net email is sponsored by:
High Quality Requirements in a Collaborative Environment.
Download a free trial of Rational Requirements Composer Now!
http://p.sf.net/sfu/www-ibm-com
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Suggestions for leveraging enum through options-(collection|map)

[Stone, Timothy]

Imagine the following enum...

public enum ResidentStatus {
  OWN ("O", "Own"),
  RENT("R", "Rent"),
  OTHER ("X", "Other");

  public String value;
  public String status;

  ResidentStatus(String value, String status) {
this.value = value;
this.status = status;
  }

  public String getValue() { return this.value; }
  public String getStatus() { return this.status; }
}

Given a view with a dropdown box for choosing one's resident status,
using options-enumeration:



Results in the following HTML:


  Own
  ...


*** This is the expected and correct output for an options-enumeration,
*except* that it requires a greater amount of refactoring in the
backend.

Existing systems will process "resident status" based on the values of
[O,R,X] *not* [OWN,RENT,OTHER].

In looking at the J2SE options, using an EnumSet or EnumMap could allow
us to then use options-collection or options-map in the JSP.

Is this acceptable, or is there something about options-enumeration that
could allow me to get at the value and label in the output?

Thanks,
Tim

--

Timothy Stone  |  Application Developer Technical Lead
Strategic Development, Business Technology Group  |  Barclaycard US
direct 302.255.8044  |  cell 410.441.9450

COMPANY CONFIDENTIAL



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables 
unlimited royalty-free distribution of the report engine 
for externally facing server and web deployment. 
http://p.sf.net/sfu/businessobjects
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Filtering output from options-enumeration

[Stone, Timothy]

I need to get the output of an options-enumeration "un-encoded".

Consider the following:

public enum GPA {
F   ("1", "<2.00"),
D   ("2", "2.00–2.49"),
  C   ("3", "2.50–2.99"),
B   ("4", "3.00–3.49"),
A   ("5", "3.50–3.99"),
A_PLUS  ("6", "4.00"),
OTHER   ("0", "Other");

...

public String getGpa() { return this.gpa; }

...


The output from the options-enumeration results in:

<2.00
2.00–2.49
...
...

This might be good for most users, but bad for me/us, as we are using
entity notations like the endash to express ranges, e.g., "–" (the
correct use of endashes*). 

Any ideas for a workaround? I'm considering something in the return
method, but I think something is happening in the tag itself that would
defeat me.

Thanks,
Tim

PS. "–" is an endash. It is specifically used to indicate ranges
(http://www.alistapart.com/articles/emen/)

--

Timothy Stone  |  Application Developer Technical Lead
Strategic Development, Business Technology Group  |  Barclaycard US
direct 302.255.8044  |  cell 410.441.9450

COMPANY CONFIDENTIAL



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables 
unlimited royalty-free distribution of the report engine 
for externally facing server and web deployment. 
http://p.sf.net/sfu/businessobjects
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Filtering output from options-enumeration

[Stone, Timothy]

Ben Gunter seems to be on to a "half-fix"... half-fix because
options-enumeration is empty, no tag body. I'm stuck with re-encoded
entities. No good.

Tim

> -Original Message-
> From: Newman, John W [mailto:newma...@upmc.edu] 
> Sent: Wednesday, May 20, 2009 4:42 PM
> To: Stripes Users List
> Subject: Re: [Stripes-users] Filtering output from options-enumeration
> 
> I think this one 
> http://www.stripesframework.org/jira/browse/STS-251 is related ... 
> 
> -Original Message-
> From: Stone, Timothy [mailto:tst...@barclaycardus.com] 
> Sent: Wednesday, May 20, 2009 3:58 PM
> To: Stripes Users List
> Subject: [Stripes-users] Filtering output from options-enumeration
> 
> I need to get the output of an options-enumeration "un-encoded".
> 
> Consider the following:
> 
> public enum GPA {
>   F   ("1", "<2.00"),
>   D   ("2", "2.00–2.49"),
>   C   ("3", "2.50–2.99"),
>   B   ("4", "3.00–3.49"),
>   A   ("5", "3.50–3.99"),
>   A_PLUS  ("6", "4.00"),
>   OTHER   ("0", "Other");
> 
> ...
> 
> public String getGpa() { return this.gpa; }
> 
> ...
> 
> 
> The output from the options-enumeration results in:
> 
> &lt;2.00
> 2.00&#8211;2.49
> ...
> ...
> 
> This might be good for most users, but bad for me/us, as we are using
> entity notations like the endash to express ranges, e.g., 
> "–" (the
> correct use of endashes*). 
> 
> Any ideas for a workaround? I'm considering something in the return
> method, but I think something is happening in the tag itself 
> that would
> defeat me.
> 
> Thanks,
> Tim
> 
> PS. "–" is an endash. It is specifically used to indicate ranges
> (http://www.alistapart.com/articles/emen/)
> 
> --
> 
> Timothy Stone  |  Application Developer Technical Lead
> Strategic Development, Business Technology Group  |  Barclaycard US
> direct 302.255.8044  |  cell 410.441.9450
> 
> COMPANY CONFIDENTIAL
> 
> 
> 
> Barclays www.barclaycardus.com
> 
> This e-mail and any files transmitted with it may contain 
> confidential and/or proprietary information. It is intended 
> solely for the use of the individual or entity who is the 
> intended recipient. Unauthorized use of this information is 
> prohibited. If you have received this in error, please 
> contact the sender by replying to this message and delete 
> this material from any system it may be on.
> 
> 
> 
> --
> 
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables 
> unlimited royalty-free distribution of the report engine 
> for externally facing server and web deployment. 
> http://p.sf.net/sfu/businessobjects
> ___
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
> 
> --
> 
> Crystal Reports - New Free Runtime and 30 Day Trial
> Check out the new simplified licensing option that enables 
> unlimited royalty-free distribution of the report engine 
> for externally facing server and web deployment. 
> http://p.sf.net/sfu/businessobjects
> ___
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
> 
> 


Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables 
unlimited royalty-free distribution of the report engine 
for externally facing server and web deployment. 
http://p.sf.net/sfu/businessobjects
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Permanent redirect?

[Stone, Timothy]

Without writing your own Resolution, e.g., PermanentRedirectResolution,
you might try:

1. a ForwardResolution to a resource that generates your 301
2. a ForwardResolution to a resource that performs mapped lookup in
Apache (or other HTTPD), using a query or path element, for a 301.

Writing your own Resolution, extending RedirectResolution, overriding
the execute method, seems plausible. In order of complexity, it might be
the most complex, with #1 being the easiest, IMHO.

Regards,
Tim

> -Original Message-
> From: Ray Vanderborght [mailto:voids...@gmail.com] 
> Sent: Sunday, July 12, 2009 12:40 AM
> To: stripes-users@lists.sourceforge.net
> Subject: [Stripes-users] Permanent redirect?
> 
> Is there a way to do a permanent (301) redirect from inside a 
> stripes action?
> 
> What I'm doing is adding keywords to the end of my urls for 
> better SEO, and I'm redirecting existing urls to the new ones 
> with the keywords added.  I'm using a RedirectResolution now 
> to accomplish this but it's issuing a temporary (302) 
> redirect instead of a permanent redirect.
> 
> This article on a related topic (the canonical tag) mentions 
> a 301 redirect as being the right thing to do in this case:
> http://www.mattcutts.com/blog/canonical-link-tag/ (slide #4).
> 
> Anyhow I'm not too hung up on it, but if there's a way to do 
> a permanent redirect that I'm just missing let me know.  Thanks.
> 


Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
Enter the BlackBerry Developer Challenge  
This is your chance to win up to $100,000 in prizes! For a limited time, 
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize  
details at: http://p.sf.net/sfu/Challenge
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Stripes 1.6?

[Stone, Timothy]

I'm seeing some traffic discussing Stripes 1.6, but don't see anything
in SVN (on sourceforge) that validates any such release (unless v1.6 is
trunk).

Can anyone elaborate?

Thanks,
Tim

--

Timothy Stone  |  Application Developer Technical Lead
Strategic Development, Business Technology Group  |  Barclaycard US
direct 302.255.8044  |  cell 410.441.9450

COMPANY CONFIDENTIAL



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Stripes 1.6

[Stone, Timothy]

Nathan Maves wrote:
> 
> no, in most setups trunk is never a release.  you can find the latest
> release in the 1.5.1 tag in svn

Nathan is correct. 

Trunk, in most open source projects, is ongoing development against features 
and bugs for the next release. When the trunk is ready for release candidates, 
a 1.6 'branch' *may* be created, leading to 1.6RC1 'tags', which in turn leads 
to a 1.6.0 'tag' from which Stripes will release and users can build from SVN 
(if you're into that sort of thing).

Allow me to indulge the list with a visual, it helps ;) 

(r=release,m=minor,p=patch):

trunk/< ongoing development (may be buildable, but have incomplete 
features)
branches/ < release branches
   .../
   RB_1.4/
   RB_1.5/
   RB_r.m/
tags/ < releases (each tag marking progress, or a candidate release)
   ...
   REL_1.4.0/
   REL_1.5.0/
   REL_1.5.1RC1/
   REL_1.5.1RC2/
   REL_1.5.1/
   REL_r.m.p/

If you wanted the source of any given release (or progress release) you would 
checkout the *tag* ...

If you wanted to use the most cutting edge code, you would checkout the 
*trunk*. Use of trunk is for developers, or very active users that want to 
contribute feedback if they are not developers themselves. 

Trunk typically has to be built the user, making caution a requirement when 
using the trunk.

I'm only citing the standard open source SVN practice; I cannot speak for 
Stripes, but the conversation has me leaning heavily toward thinking that 
Stripes follows this methodology.
 
Regards,
Tim

> On Sun, Aug 9, 2009 at 9:23 PM, Alamgir Kahn wrote:
> >
> > Freddy Daoud  writes:
> >> I could have sworn someone asked where is Stripes 1.6, but 
> I can't find
> >> the message. Whomever you are, sorry for the late reply - 
> yes indeed,
> >> Stripes 1.6 is what is in the trunk of Subversion.
> >>
> >> Cheers,
> >> Freddy
> >> http://www.stripesbook.com
> >
> > Sorry for the confusion, but if 1.6 is on the trunk, does 
> that mean the release
> > is "official"?
> >
> > If so, when will it hit the site?
> >
> > AK
> >
> >
> > 
> --
> 
> > Let Crystal Reports handle the reporting - Free Crystal 
> Reports 2008 30-Day
> > trial. Simplify your report design, integration and 
> deployment - and focus on
> > what you do best, core application coding. Discover what's new with
> > Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> > ___
> > Stripes-users mailing list
> > Stripes-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/stripes-users
> >
> 
> --
> 
> Let Crystal Reports handle the reporting - Free Crystal 
> Reports 2008 30-Day 
> trial. Simplify your report design, integration and 
> deployment - and focus on 
> what you do best, core application coding. Discover what's new with 
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> ___
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
> 


Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] RedirectResolution using POST

[Stone, Timothy]

Aaron is correct, the HTTP spec does not preserve POST values and Apache
enforces this specification.

You might want to look at leveraging mod_rewrite + mod_proxy to preserve the
POST values. 

I did a YouTube video showing how to use it...
http://www.youtube.com/watch?v=i4G5I4YdWVE

HTTPS is tricky, but should be possible with the directive SSLProxyEngine.

Regards,
Tim


On 11/9/09 5:02 PM, "Grzegorz Krugły"  wrote:

> What I'm doing is POSTing to MY code which save the order in temporary
> state, etc. and THEN I redirect to payment processor's site. They accept
> GET method, but recommend POST and I would like having "hidden"
> parameters more, too.
> 
> I guess I'll have to live with GET then.
> 
> Aaron Porter pisze:
>> > Hi Grzegorz,
>> > Unfortunately, the HTTP spec doesn't provide a way to redirect a POST if
>> > that's what you're asking.
>> >
>> > There are 2 normal ways to use a payment processor:
>> > 1. Use the payment processor's API so the customer only sees your site
>> > and your site talks to the processor on the backend.
>> > 2. Send the user to the processor's site to checkout.
>> >
>> > Are you trying to use Stripe's validation before sending to the
>> > processor? If not I don't understand why you'd want to redirect instead
>> > of just POSTing to the processor's site.
>> >
>> > Aaron
>> >
>> > Grzegorz Krugły wrote:
>> >  
>>> >> Hi,
>>> >>
>>> >> I'm integrating with an online payments service and would love to POST
>>> >> to their URL instead of GETting it. Is it possible to do so using
>>> >> RedirectResolution or some other means?
>>> >>
>>> >> Best regards,
>>> >> Grzegorz
>>> >>
>>> >>
>>> >> 
>>> 
--
>>> >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>> 30-Day
>>> >> trial. Simplify your report design, integration and deployment - and
>>> focus on
>>> >> what you do best, core application coding. Discover what's new with
>>> >> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>>> >> ___
>>> >> Stripes-users mailing list
>>> >> Stripes-users@lists.sourceforge.net
>>> >> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>> >>
>>> >>  
>>> >>
>> >
>> >
>> > 
>> 
--
>> > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>> > trial. Simplify your report design, integration and deployment - and focus
>> on
>> > what you do best, core application coding. Discover what's new with
>> > Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>> > ___
>> > Stripes-users mailing list
>> > Stripes-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/stripes-users
>> >  
> 
> 
> --
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> ___
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
> 

-- 
Timothy Stone   |   Application Developer Technical Lead
Barclaycard   |Business Technology Group, Strategic Development
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] RedirectResolution using POST

[Stone, Timothy]

Jocke,

I personally would like to hear more about this solution and possibly see
some code samples.

Generally speaking, I have found that many applications do not really
correctly implement GET and POST. Many leverage POST to circumvent GET
limitations or prevent information from being written to logs.

The use of mod_rewrite + mod_proxy is really just masking the problem and
working around the specification, but I like the solution better than a
³form shell² that auto submits (for reasons of accessibility, though those
can be worked around by providing a button when Javascript is disabled...).

A controller solution is very intriguing as, while another specification
workaround, it is hidden from the view and the protocol layers preserving
the data being passed around.

Regards,
TIm


On 11/10/09 2:15 AM, "Jocke Eriksson"  wrote:

> I would go with the URL Connection class, this will give you the possibility
> to implement failover when
> needed. 
> 
>> > Date: Mon, 9 Nov 2009 19:54:48 +0100
>> > From: g...@karko.net
>> > To: stripes-users@lists.sourceforge.net
>> > Subject: [Stripes-users] RedirectResolution using POST
>> > 
>> > Hi,
>> > 
>> > I'm integrating with an online payments service and would love to POST
>> > to their URL instead of GETting it. Is it possible to do so using
>> > RedirectResolution or some other means?
>> > 
>> > Best regards,
>> > Grzegorz
>> > 
>> > 
>> > 
>> 
--
>> > Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
>> > trial. Simplify your report design, integration and deployment - and focus
>> on 
>> > what you do best, core application coding. Discover what's new with
>> > Crystal Reports now.  http://p.sf.net/sfu/bobj-july
>> > ___
>> > Stripes-users mailing list
>> > Stripes-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/stripes-users
>
> 
> Hitta kärleken! Klicka här Hitta en dator som passar dig!
> 
> 
> --
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
> trial. Simplify your report design, integration and deployment - and focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july

-- 
Timothy Stone   |   Application Developer Technical Lead
Barclaycard   |Business Technology Group, Strategic Development
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Form field bindings and checking for presence/absence

[Stone, Timothy]

List,

 

I have an action that has 3 fields:

 

prospectcode

postcode



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Form field bindings and checking for presence/absence

[Stone, Timothy]

List,

 

(Sorry for the premature send... not enough coffee this morning)

 

I have an action that has 3 fields:

 

prospectcode

postcode

lastname

 

The form that is bound to this action will only have 2 fields (both
required when present on the form):

 

prospectcode

 

and one (1) of 

 

'lastname' OR 'postcode'

 

 

If 'postcode' is not present on the form, but 'lastname' is, how can the
action ignore 'postcode' and return an error for 'lastname' only, i.e.,
if it is blank?

 

Do I need to inspect the request parameters for the absence of one and
the presence of the other, 'postcode' is null so ignore, and 'lastname'
is blank (length returns 0). Though I have a gut feeling that Stripes
intuitively handles this in the binding of form to action and there is
something I'm missing about the annotations available in Stripes I'm not
taking advantage of.

 

Regards,

Tim

 

 



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Form field bindings and checking forpresence/absence

[Stone, Timothy]

Thanks all.

As it turns out, we are using a custom validation method and needed to refine 
the logic.

Thanks!
Tim

-Original Message-
From: Rick Grashel [mailto:rgras...@gmail.com] 
Sent: Wednesday, April 07, 2010 10:16 AM
To: Stripes Users List
Subject: Re: [Stripes-users] Form field bindings and checking 
forpresence/absence

I apologize... the annotation on the method should be @ValidationMethod.

-- Rick


On Wed, Apr 7, 2010 at 9:14 AM, Rick Grashel  wrote:
> Tim,
>
> To me, this seems like a simple validation method and a field-level
> validation in your action:
>
> @Validate( required = "true" )
> private String prospectcode;
>
> @Validate( on="whatever" )
> public void validatePostCodeAndLastName( ValidationErrors errors )
> {
>   if ( postcode == null && lastname == null )
>   {
>      errors.add( new SimpleError( "postcode or lastname must be provided.") );
>   }
>   else if ( postcode != null && lastname != null )
>   {
>      errors.add( new SimpleError( "Please provide either postcode or
> lastname -- not both." ) );
>   }
> }
>
> -- Rick
>
> On Wed, Apr 7, 2010 at 8:35 AM, Stone, Timothy  
> wrote:
>> List,
>>
>>
>>
>> (Sorry for the premature send... not enough coffee this morning)
>>
>>
>>
>> I have an action that has 3 fields:
>>
>>
>>
>> prospectcode
>>
>> postcode
>>
>> lastname
>>
>>
>>
>> The form that is bound to this action will only have 2 fields (both required
>> when present on the form):
>>
>>
>>
>> prospectcode
>>
>>
>>
>> and one (1) of
>>
>>
>>
>> 'lastname' OR 'postcode'
>>
>>
>>
>>
>>
>> If 'postcode' is not present on the form, but 'lastname' is, how can the
>> action ignore 'postcode' and return an error for 'lastname' only, i.e., if
>> it is blank?
>>
>>
>>
>> Do I need to inspect the request parameters for the absence of one and the
>> presence of the other, 'postcode' is null so ignore, and 'lastname' is blank
>> (length returns 0). Though I have a gut feeling that Stripes intuitively
>> handles this in the binding of form to action and there is something I'm
>> missing about the annotations available in Stripes I'm not taking advantage
>> of.
>>
>>
>>
>> Regards,
>>
>> Tim
>>
>>
>>
>>
>>
>>
>> ___
>>
>> Barclays
>> www.barclaycardus.com
>> ___
>>
>> This e-mail and any files transmitted with it may contain confidential
>> and/or proprietary information. It is intended solely for the use of the
>> individual or entity who is the intended recipient. Unauthorized use of this
>> information is prohibited. If you have received this in error, please
>> contact the sender by replying to this message and delete this material from
>> any system it may be on.
>> --
>> Download Intel® Parallel Studio Eval
>> Try the new software tools for yourself. Speed compiling, find bugs
>> proactively, and fine-tune applications for parallel performance.
>> See why Intel Parallel Studio got high marks during beta.
>> http://p.sf.net/sfu/intel-sw-dev
>> ___
>> Stripes-users mailing list
>> Stripes-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>
>>
>

--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] JavaScript execution context lost on getContext().getSourcePageResolution();

[Stone, Timothy]

List,

I am experiencing a problem where the JavaScript execution context in
Firefox and Safari is lost after returning a Resolution from an error
handler.

Items like the ³console,² e.g., console.log(³someMessage²), fail with
³console is undefined². More importantly, my client form validation
initially fails to execute until the form is submitted a second time with
errors.

Now, ³console² is a value defined globally in the JavaScript engine and
automatically exposed in Safari and Firefox. If I reload the page, the
context returns.

Specifically, my initial page load is to a view (³Inbound.action²) with some
blank fields. These fields are bound to and submit to an action
(³DirectList.action²) which evaluates the form and returns on errors by
using:

res = getContext().getSourcePageResolution();

The old view is in the context of the DirectList.action.

It appears that the browser will not execute the Javascript context until
refresh. This might be a browser problem, however, it appears to be
something about the Stripes resolution on the error round trip.

Any thoughts? The scripts all work on the initial view, but fail on the next
view, so I¹ve generally eliminated a problem with the script, and this
console issue is *very suspect*.

Much thanks,
Tim




Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] JavaScript execution context lost on getContext().getSourcePageResolution();

[Stone, Timothy]

List,

I want to add that the behavior described below is ³almost as if
window.onload² happens. The HTML of the source of the page is intact, but
the window is ³never reloaded.²

Thanks,
Tim


On 4/20/10 3:29 PM, "Timothy Stone"  wrote:

> List,
> 
> I am experiencing a problem where the JavaScript execution context in Firefox
> and Safari is lost after returning a Resolution from an error handler.
> 
> Items like the ³console,² e.g., console.log(³someMessage²), fail with ³console
> is undefined². More importantly, my client form validation initially fails to
> execute until the form is submitted a second time with errors.
> 
> Now, ³console² is a value defined globally in the JavaScript engine and
> automatically exposed in Safari and Firefox. If I reload the page, the context
> returns.
> 
> Specifically, my initial page load is to a view (³Inbound.action²) with some
> blank fields. These fields are bound to and submit to an action
> (³DirectList.action²) which evaluates the form and returns on errors by using:
> 
> res = getContext().getSourcePageResolution();
> 
> The old view is in the context of the DirectList.action.
> 
> It appears that the browser will not execute the Javascript context until
> refresh. This might be a browser problem, however, it appears to be something
> about the Stripes resolution on the error round trip.
> 
> Any thoughts? The scripts all work on the initial view, but fail on the next
> view, so I¹ve generally eliminated a problem with the script, and this console
> issue is *very suspect*.
> 
> Much thanks,
> Tim
> 
> 
>  
> 
> ___
> 
> Barclays
> www.barclaycardus.com
> ___
> 
> This e-mail and any files transmitted with it may contain confidential and/or
> proprietary information. It is intended solely for the use of the individual
> or entity who is the intended recipient. Unauthorized use of this information
> is prohibited. If you have received this in error, please contact the sender
> by replying to this message and delete this material from any system it may be
> on.
> 
> --

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] JavaScript execution context lost ongetContext().getSourcePageResolution();

[Stone, Timothy]

Okay, I¹ll post to Stackoverflow.

Tim


On 4/20/10 3:35 PM, "Mike McNally"  wrote:

> This isn't going to be a Stripes problem.  I would encourage you to ask this
> question on Stackoverflow, where you'll get a quick answer IF you post  clear
> relevant sections of the code in question.
> 
> 
> On Tue, Apr 20, 2010 at 2:29 PM, Stone, Timothy 
> wrote:
>> List,
>> 
>> I am experiencing a problem where the JavaScript execution context in Firefox
>> and Safari is lost after returning a Resolution from an error handler.
>> 
>> Items like the ³console,² e.g., console.log(³someMessage²), fail with
>> ³console is undefined². More importantly, my client form validation initially
>> fails to execute until the form is submitted a second time with errors.
>> 
>> Now, ³console² is a value defined globally in the JavaScript engine and
>> automatically exposed in Safari and Firefox. If I reload the page, the
>> context returns.
>> 
>> Specifically, my initial page load is to a view (³Inbound.action²) with some
>> blank fields. These fields are bound to and submit to an action
>> (³DirectList.action²) which evaluates the form and returns on errors by
>> using:
>> 
>> res = getContext().getSourcePageResolution();
>> 
>> The old view is in the context of the DirectList.action.
>> 
>> It appears that the browser will not execute the Javascript context until
>> refresh. This might be a browser problem, however, it appears to be something
>> about the Stripes resolution on the error round trip.
>> 
>> Any thoughts? The scripts all work on the initial view, but fail on the next
>> view, so I¹ve generally eliminated a problem with the script, and this
>> console issue is *very suspect*.
>> 
>> Much thanks,
>> Tim
>> 
>> 
>>  
>> 
>> ___
>> 
>> Barclays
>> www.barclaycardus.com <http://www.barclaycardus.com>
>> ___
>> 
>> This e-mail and any files transmitted with it may contain confidential and/or
>> proprietary information. It is intended solely for the use of the individual
>> or entity who is the intended recipient. Unauthorized use of this information
>> is prohibited. If you have received this in error, please contact the sender
>> by replying to this message and delete this material from any system it may
>> be on. 
>> 
>> 
->>
-
>> 
>> ___
>> Stripes-users mailing list
>> Stripes-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>> 
> 
> 

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Loss of session on resolution after validation

[Stone, Timothy]

List,

We are experiencing the loss of the session when returning to a JSP after
handling validation in an action.

The problem occurs when we submit to an action bean errors and the bean
returns a resolution via getSourcePageResolution(). I might be able to
provide more information after meeting with the developers.

It appears to be related to WebLogic (v10.3), as we do not see the problem
in Tomcat 6.0.x when testing locally in IDEs.

Stripes version 1.5.2.

Regards,
Tim

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] amusing license

[Stone, Timothy]

Hey-oh! :D


On 6/4/10 8:44 AM, "Freddy Daoud"  wrote:

> A little comic relief
> 
> I'm on the last couple of chapters of "Flexible Rails"[1], and was reading
> about using AMF with Rails (if you don't know what that is, don't bother
> looking it up, it's not important here.) Basically, there are two competing
> frameworks for achieving this, A and B.
> 
> The fun part is that framework A has an "MIT license with an exception"[2],
> which states that framework B may not use any of framework A's code for
> releases of framework B!
> 
> We should have had that exception, stating that Struts may not use source
> code from Stripes ;-) (It's too late now, they already copied Tim's code.)
> 
> Have a good Friday and a good weekend.
> 
> Cheers,
> Freddy
> 
> [1]: http://manning.com/armstrong/
> [2]: 
> http://code.google.com/p/rubyamf/source/browse/branches/ruby19/LICENSE?r=1319
> 
> 
> --
> ThinkGeek and WIRED's GeekDad team up for the Ultimate
> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
> lucky parental unit.  See the prize list and enter to win:
> http://p.sf.net/sfu/thinkgeek-promo
> ___
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
> 
> 

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Indexed property field labels

[Stone, Timothy]

Is there a way to define a field label for indexed properties? For example:

Given a list of authorized users on an abstract account, e.g., a proxy or
other user acting on your behalf, will Stripes automagically determine the
index for me, or do I need to define a label for each one to a best guess
limit?

Enter your proxy user id: [ proxy user id field ]
[ + ] Add another proxy



Then in the StripesFieldLabels.properties file do I need:

app.authuser.id=User ID

Or 

app.authuser[0].id=User ID
app.authuser[n].id=User ID
...
...

Thanks!
Tim

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] amusing license

[Stone, Timothy]

PS... I¹m a different ³Tim² ... I just thought this was funny.

I believe Freddy is using ³Tim² as in ³Tim Fennell,² the creator of Stripes.

Tim, a different one.


On 6/4/10 10:29 AM, "Carlos Peña"  wrote:

> It'll be good to hear the history between Struts and Stripes. What's up with
> this: "(It's too late now, they already copied Tim's code.)", is Struts 2 just
> a bad copy of Stripes?, I would like to hear more of this, seems interesting
> to me. 
> 
> Best regards.
> 
> On Fri, Jun 4, 2010 at 7:33 AM, Stone, Timothy 
> wrote:
>> Hey-oh! :D
>> 
>> 
>> 
>> On 6/4/10 8:44 AM, "Freddy Daoud" > <http://xf2...@fastmail.fm> > wrote:
>> 
>>> A little comic relief
>>> 
>>> I'm on the last couple of chapters of "Flexible Rails"[1], and was reading
>>> about using AMF with Rails (if you don't know what that is, don't bother
>>> looking it up, it's not important here.) Basically, there are two competing
>>> frameworks for achieving this, A and B.
>>> 
>>> The fun part is that framework A has an "MIT license with an exception"[2],
>>> which states that framework B may not use any of framework A's code for
>>> releases of framework B!
>>> 
>>> We should have had that exception, stating that Struts may not use source
>>> code from Stripes ;-) (It's too late now, they already copied Tim's code.)
>>> 
>>> Have a good Friday and a good weekend.
>>> 
>>> Cheers,
>>> Freddy
>>> 
>>> [1]: http://manning.com/armstrong/
>>> [2]: 
>>> 
http://code.google.com/p/rubyamf/source/browse/branches/ruby19/LICENSE?r=131>>>
9
>>> 
>>> 
>>> 
>>> --
>>> ThinkGeek and WIRED's GeekDad team up for the Ultimate
>>> GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the
>>> lucky parental unit.  See the prize list and enter to win:
>>> http://p.sf.net/sfu/thinkgeek-promo
>>> ___
>>> Stripes-users mailing list
>>> Stripes-users@lists.sourceforge.net
>>> <http://Stripes-users@lists.sourceforge.net>
>>> https://lists.sourceforge.net/lists/listinfo/stripes-users
>>> 
>>> 

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
ThinkGeek and WIRED's GeekDad team up for the Ultimate 
GeekDad Father's Day Giveaway. ONE MASSIVE PRIZE to the 
lucky parental unit.  See the prize list and enter to win: 
http://p.sf.net/sfu/thinkgeek-promo___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Maven project hosting, syncing to central

[Stone, Timothy]

List,

The intense interest in the future of Stripes is exciting.

I¹ve lost the specific email, but I want to touch on the Maven-ization of
the 1.5 and 1.6 release lines.

Should this be completed by the project leads, instead of hosting a project
Maven repos (and the overhead involved), consider the OSSRH project by the
Nexus team.

Two immediate reasons Stripes leads want to do this:

1. The Nexus hosted OSSRH project is an approved forge for syncing to Maven
Central. Want adoption? Stripes *must* have Maven Central availability. I
would call any Stripes Maven-ization effort that did not have Maven Central
availability a non-starter.
-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

[Stripes-users] Maven project hosting, syncing to central (#2)

[Stone, Timothy]

List,

The intense interest in the future of Stripes is exciting.

I¹ve lost the specific email, but I want to touch on the Maven-ization of
the 1.5 and 1.6 release lines.

Should this be completed by the project leads, instead of hosting a project
Maven repos (and the overhead involved), consider the OSSRH project by the
Nexus team.

Two immediate reasons Stripes leads want to do this:

1. The Nexus hosted OSSRH project is an approved forge for syncing to Maven
Central. Want adoption?

Stripes *must* have Maven Central availability. I would call any Stripes
Maven-ization effort that did not have Maven Central availability a
non-starter.

  2. The Maven Central is many times the only approved repository in large
organizations for mirroring though internal Nexus and Artifactory maven
repos.

Without Maven Central syncs then updates to the library become manual.
Anything that can be automated, and is not, is weight on adoption rates.

(sorry for spamming the list... Fat fingered the short cut for sending email
trying to line break my numbered list).

Regards,
Tim
-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Stripes Cage Rattling

[Stone, Timothy]

Santos,

 

I'm going to side with the existing Stripes design Santos.

 

The JSP framework is specific about the correct and proper use of dynamic 
attributes in tag libraries where a significant numbers of attributes may 
exist, especially arbitarily. HTML 4.01 and HTML 5 are examples of very 
flexible specifications intended to use the JSP Dynamic Attributes interface.

 

Browser implementations of the W3C HTML *recommendation* (if you just take 4.01 
and do not weigh the fact that HTML 5 has *no* recommendation as yet from the 
W3C) differ wildly. The example of autocomplete is a good one. I need it, I 
work for Barclaycard. However, until only recently did Mozilla, Safari, Opera 
and others support this non-standard attribute.

 

If the Stripes standard tag library implements the recommendation and the 
Stripes Dynamic Library implements the Dynamic Attributes interface across the 
tag library for HTML, then Stripes is correctly following the intention of the 
JSP specification.

 

Including both libraries at the top of the JSP is an acceptable and recommended 
solution to your problem. I'm using it.

 

I use the "dynastripes:form" for my use of autocomplete and the standard 
Stripes lib for all my other inputs.

 

Heaven forbid I'm ever forced to use Dojo, then I'm stuck with the Dynamic 
Stripes library... :-) 

 

(It's true also that Stripes supports the Dojo framework through the Dynamic 
TLD already, so Dojo users are already first-class citizens in the framework.)

 

Regards,

Tim

 

PS... we can have a separate debate about HTML specifications, recommendations 
and browser implementations "off-line." I'm an adherent to the hypothesis that 
browser implementation trumps specification and recommendation from the W3C. 
Hence, Safari and IE 9 are leading implementation of the working HTML 5 spec, 
without a recommendation from the W3C. But I'm also a strong believer in error 
and warning free validation of my HTML responses, allowing few exceptions where 
the specification does not meet the implementation, e.g., autocomplete. In 
this, we are kindred spirits.

 



From: Samuel Santos [mailto:sama...@gmail.com] 
Sent: Saturday, September 04, 2010 11:12 AM
To: Stripes Users List
Subject: Re: [Stripes-users] Stripes Cage Rattling

 

Despite DynAttr Tag Library being the obvious choice, neither does it have it 
have runtime errors nor code completion.

autocomplete attribute is more often than not a requirement in banking web 
applications for security reasons, and is supported by browsers for a really 
long time (it was introduced by Microsoft with Internet Explorer 5 in 1999).
For that reason it has been included in the HTML5 spec 
(http://dev.w3.org/html5/spec/common-input-element-attributes.html#the-autocomplete-attribute)
 and should be included in our Standard Tag Library.

--
Samuel Santos
http://www.samaxes.com/



2010/9/4 Grzegorz Krugły 



 autocomplete is not in HTML spec, so it's not in the taglib. There's a
second version of tag lib that allows dynattrs, which will pass down to
the HTML any attribute; I tend to have them both added in different
namespaces so I can use autocomplete="off" when necessary.

W dniu 04.09.2010 05:00, Samuel Santos pisze:

> I would like to add that our taglib should really be updated.
>
> It's missing some very useful HTML attributes (e.g. autocomplete="off"
> on  elements, supported by most browsers), and we should as
> well, begin to add some of the new stuff coming from the HTML5 spec.



--
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

 



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] HTML5 support?

[Stone, Timothy]

Ben, et. al,

The good news is I¹ve been buried in a ³Powered by Stripes 1.5.3² project.

The bad news is, besides being a champion for a more flexible configuration
of the HTML output of Stripes, I haven¹t been able to complete what I
started.

My patch doesn¹t throw a NPE, but it doesn¹t work in nested Layout
Definitions and Renderers.

I recently proposed a Stripes configuration setting that would be much wider
in scope than page, request, or session (session is not the right place
anyway). Application level seem more apropos. A context-param has started
making more sense in recent weeks. Follow my logic:

An application is going to have HTML 4, 5, or XHTML output across the
application as a whole. Developers should not be developing an application
intentionally, or unintentionally, with varied response types... Well,
mobile being an exception, but we (meaning myself and my employer) are
finding that HTML 4 and 5 are the expected standards on advanced, even 3
years recent, mobile platforms (WAP transforms are another matter
altogether).

Having a page level  or other Layout attribute requires
pages/views to be aware of its response to the client, or puts encumbrance
on the page developer to remember the output is of variety x for view y.

Setting the response output in the deployment descriptor make it a much
simpler branching in the FormTag and HtmlTagSupport classes: just check the
ServletContext for the response type.

I really need to visit this again, but yours truly is in the push to
release... Maybe in our next iteration I¹ll press the matter internally
more.

Regards,
Tim




On 10/12/10 9:14 PM, "Ben Gunter"  wrote:

>>  Thanks for the answer. I've seen recent posts to the group about Stripes'
>> future. Well, this is one direction. The library is very well matured at this
>> point, there's no immediate need to do anything (except for streaming layout
>> - works on our platform btw). Maybe one direction to go is introduce HTML5
>> and some XHTML configuration for picky governments and etc...

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] HTML5 support?

[Stone, Timothy]

Samuel,

In regards to Stripes, the discussion is about the syntax used in the HTML
response by the Tag Library. STS-751 is an attempt to allow developers to
determine the syntax and not be tied to Stripes Tag Library default (a
default which would allowed by HTML5 BTW).

In regards to ³HTML4 can really led to disastrous results on mobile web
applications,² please provide details about the mobile platform. This does
not mesh with testing we have performed internally. We are delivering HTML4
(Loose, Trans, and Strict) across a broad range of advanced mobile
platforms, Apple, Android, etc. with a low rate of issues, certainly not
debilitating issues. The mime type text/html in all cases.

As an aside, delivering HTML 4 with a content-type of application/xhtml+xml
could very well lead to disastrous results. HTML4 is pretty clear about the
content-type: text/html (See § 4.3 of the HTML 4.01 recommendation).

Regards,
Tim



On 10/13/10 10:41 AM, "Samuel Santos"  wrote:

> We find it to be really important to always use the content-type
> application/xhtml+xml, which is supported by HTML5 but not HTML4, to minimize
> possible issues.

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Source forge description: It's stripey and itdoesn't suck

[Stone, Timothy]

Been passively following this thread... and I just want to defend the
use of the word "suck."

 

While seemingly "unprofessional" it is not without precedent: the
Macintosh text editor BBEdit uses "It doesn't suck." 

 

Why not twist Freddy's title a bit: "Stripes: because Java web
development doesn't have to suck."

 

Regards,

Tim

 

From: VANKEISBELCK Remi [mailto:r...@rvkb.com] 
Sent: Friday, October 29, 2010 12:49 PM
To: Stripes Users List
Subject: Re: [Stripes-users] Source forge description: It's stripey and
itdoesn't suck

 

"Stripes: because other frameworks sucks"

Cheers

Remi - what ?



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in  U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store 
http://p.sf.net/sfu/nokia-dev2dev___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Preventing multiple form submission

[Stone, Timothy]

Struts 1.x provides this functionality... 
@see org.apache.struts.action.Action#saveToken(HttpServletRequest
request),
@see org.apache.struts.action.Action#resetToken(HttpServletRequest
request), 
@see org.apache.struts.action.Action#isTokenValid(HttpServletRequest
request)

It's described in /Struts in Action/ as a synchronizing token and
automatically provided in the  and  tags.
If the action is using tokens, an appropriate hidden field is generated.

Regards,
Tim

PS... I'm only "just saying." Not suggesting that Stripes want to do
this in core. :)

-Original Message-
From: Newman, John W [mailto:john.new...@viaoncology.com] 
Sent: Tuesday, November 16, 2010 1:35 PM
To: Stripes Users List; nikol...@brightminds.org
Subject: Re: [Stripes-users] Preventing multiple form submission

I'm wondering why the stripes form tag and stripes filter don't provide
this automatically.  It seems like everyone rolls their own version of
this, and if they haven't yet they will eventually, since without such a
check the application is easy to break.


I think this would be a good feature for stripes-stuff or stripes core
even.  I believe a lot of other web frameworks offer this right out of
the box, and tout it as a useful and necessary feature, which it is.  Am
I wrong?  I know the trend is to say "NO" to features and bloat, I agree
with that generally, but this topic comes up a lot.  It could be a big
deal to force everyone to implement a new interface or something for
handling the failure case, maybe a generic validation error could be
used, idk.

-Original Message-
From: Oscar Westra van Holthe - Kind [mailto:os...@westravanholthe.nl]
Sent: Tuesday, November 16, 2010 10:35 AM
To: nikol...@brightminds.org; Stripes Users List
Subject: Re: [Stripes-users] Preventing multiple form submission

On 16-11-2010 at 10:17, Nikolaos Giannopoulos wrote:
> Just wondering how others elegantly solve this situation:
> 
> 1) User is editing a form and fills it out and clicks submit button
> 2) Form gets successfully processed on the server however before a 
> response is returned the user hits the stop button, their internet 
> connection drops, etc...
> 4) User clicks on submit again and tries to re-submit the same
> information(*)
> 
> Now, this would be trivial if there was a unique piece of information 
> in the content being posted however lets assume someone posting some 
> blog / news content wherein there is really no unique info (e.g.
> although it may be rare there is nothing wrong with 2 people say 
> posting the same content with the same title).
> 
> I was thinking to tag the users session with the last successfully 
> submitted Stripes "_sourcePage" field and direct the user to the
"view"
> handler if they are trying to do an "edit" and the
"_sourcePage"matches.
> 
> Thoughts???

It is always possible to render a hidden field "nonce" with a bit of
opaque information (like a random long, hex-encoded), that is also
stored in the session. Generally, you get a flow like this:
- A form is prepared
- Generate a few random bytes (e.g. a long, anf hex-encode it)
- Store the value in the session
- Display the form, including a hidden field "nonce" with the generated
value ...
- When receiving a request that's not intended for a default handler,
check
  the field "nonce":
  - If it isn't present, give an error
  - If it is present but doesn't match the value in the session, present
an
error message "this form has already been submitted", and re-display
the
form or the detail page
  - Otherwise the nonce is present and matches the stored value: perfect
- Unless there is an error (see above), proceed as usual

As a variation you may generate a nonce per form or form/record
combination to explicitly allow people to edit multiple things at once.

Also, given that I match on "default handler or not", it is perfectly
possible to handle this using an interceptor and custom form tag. The
first check upon submit forced the use of the custom tag, so there will
be no omissions there.


Oscar

-- 
   ,-_  Oscar Westra van Holthe - Kind
http://www.xs4all.nl/~kindop/
  /() )
 (__ (  Inequality is the inevitable consequence of liberty.
=/  ()  -- Salvador De Madariaga - "Anarchy or Hierarchy" (1937)


--
Beautiful is writing same markup. Internet Explorer 9 supports standards
for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today
http://p.sf.net/sfu/msIE9-sfdev2dev
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the indi

Re: [Stripes-users] Stripes and WebSockets?

[Stone, Timothy]

Sven,

Jetty is a servlet container, e.g., Tomcat. Jetty¹s support of WebSockets,
the HTML5 feature, is unrelated to Stripes.

The question you may want an answer to is what Stripes Resolution might best
support the creation and use of WebSockets, see
http://en.wikipedia.org/wiki/WebSockets for the protocol implementation.

I don¹t see anything that could not be implemented in Stripes, possibly with
a Streaming or JavaScript Resolution. There¹s some token encryption that the
server should be able to handle or pass off to the Action that might be an
exercise implementation or library support.

If there is a JSP example of WebSockets on the web, it should be ³portable²
to the Stripes platform it your favorite container (Jetty, Tomcat, WebLogic,
Jboss, etc.).

Regards,
Tim


On 12/9/10 8:57 AM, "Sven Jacobs"  wrote:

> Hi all,
> 
> I was wondering if anyone has already used WebSockets along with Stripes?
> Jetty 7 supports WebSockets, for example.
> 
> I'm new to Stripes. What would be the recommended way to use WebSockets in
> Stripes?
> 
> Many thanks,
> Sven
> 
> 
> --
> This SF Dev2Dev email is sponsored by:
> 
> WikiLeaks The End of the Free Internet
> http://p.sf.net/sfu/therealnews-com

-- 
Timothy Stone   |   Director, Application Developer Technical Lead
Barclaycard   |Business Technology Group, Solutions Delivery
125 S. West Street   |   Wilmington, DE|   19801
USA   |   www.barclaycardus.com
+1 302 255 8044 direct |   +1 410 441 9450 cell
 
COMPANY CONFIDENTIAL
 
P Before printing this e-mail, or any other document, ask yourself whether
you need a hard copy



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
This SF Dev2Dev email is sponsored by:

WikiLeaks The End of the Free Internet
http://p.sf.net/sfu/therealnews-com___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] decode

[Stone, Timothy]

I recently maven-ized jBCrypt. It should now be in Maven Central. More
information can be found in the following links:

http://bit.ly/f1am9m

jBCrypt makes secure hashes easy to salt, store and compare.

Tim


-Original Message-
From: Freddy Daoud [mailto:xf2...@fastmail.fm] 
Sent: Tuesday, January 11, 2011 8:10 AM
To: Stripes Users List
Subject: Re: [Stripes-users] decode

+1 on Apache Shiro, it's a good alternative.
Thanks Janne for the writeup!

Cheers,
Freddy

On Tue, 11 Jan 2011 15:03 +0200, "Janne Jalkanen"
 wrote:
> 
> BTW, this reminds me... If your Stripes app needs security, using
Apache
> Shiro together with Stripes is a breeze.
> 
> http://www.ecyrd.com/ButtUgly/wiki/Main_blogentry_100910_1
> 
> /Janne
> 
> On 11 Jan 2011, at 00:12, Joaquin Valdez wrote:
> 
> > Hello!
> > 
> > In the Stripes book there is an example of encoding a password to be
stored in the database:
> > 
> > try {
> >MessageDigest md = MessageDigest.getInstance("SHA-1");
> >byte[] bytes = md.digest(password.getBytes());
> >ep = Base64.encodeBytes(bytes);
> >System.out.println(ep);
> > 
> > 
> >}
> >catch (NoSuchAlgorithmException exc) {
> >throw new IllegalArgumentException(exc);
> >}
> > 
> > Does anyone have example code of how to decode the encrypted value
from the code above?
> > 
> > Thank you!  I have tried to do this longer than I care to admit  :-)
> > 
> > 
> > Joaquin Valdez
> > joaquinfval...@gmail.com
> > 
> > 
> > 
> > 
> >

--
> > Gaining the trust of online customers is vital for the success of
any company
> > that requires sensitive data to be transmitted over the Web.   Learn
how to 
> > best implement a security strategy that keeps consumers' information
secure 
> > and instills the confidence they need to proceed with transactions.
> > http://p.sf.net/sfu/oracle-sfdevnl 
> > ___
> > Stripes-users mailing list
> > Stripes-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/stripes-users
> 
> 
>

--
> Gaining the trust of online customers is vital for the success of any
> company
> that requires sensitive data to be transmitted over the Web.   Learn
how
> to 
> best implement a security strategy that keeps consumers' information
> secure 
> and instills the confidence they need to proceed with transactions.
> http://p.sf.net/sfu/oracle-sfdevnl 
> ___
> Stripes-users mailing list
> Stripes-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/stripes-users
> 


--
Gaining the trust of online customers is vital for the success of any
company
that requires sensitive data to be transmitted over the Web.   Learn how
to 
best implement a security strategy that keeps consumers' information
secure 
and instills the confidence they need to proceed with transactions.
http://p.sf.net/sfu/oracle-sfdevnl 
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
Gaining the trust of online customers is vital for the success of any company
that requires sensitive data to be transmitted over the Web.   Learn how to 
best implement a security strategy that keeps consumers' information secure 
and instills the confidence they need to proceed with transactions.
http://p.sf.net/sfu/oracle-sfdevnl 
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] HTTPS to HTTP switching

[Stone, Timothy]

Couldn't this "use case" also be addressed with OAuth? Where the Auth is
performed over OAuth, but the site remains over HTTP (non-secure).

I do agree 100% with Janne though, HTTPS is cheap. If the
username/password, and the services provided by the webapp should be
secure, make it secure 100% of the time, e.g., redirect to HTTPS
immediately on hitting the site.

Regards,
Tim

-Original Message-
From: Janne Jalkanen [mailto:janne.jalka...@ecyrd.com] 
Sent: Monday, January 31, 2011 9:48 AM
To: Stripes Users List
Subject: Re: [Stripes-users] HTTPS to HTTP switching

> 1) Logging in.  The login action should be https so username and 
> password are encrypted, but once i pass the login, the first page the 
> user sees does not need to be secure, hence switching from https to 
> http

And that's exactly when your site stops being secure, and the user
session can be hijacked, and your site is compromised.  Facebook does
login over https, yet the sessions can be hijacked. That's why they're
rolling out the change...

Please *do* seriously consider using https all the way after the user
has logged in. You have very few real reasons why you shouldn't - https
is very cheap these days with SSL-terminating loadbalancers and
plenty-of-CPU power for decryption anyway. You're otherwise creating a
fairly easy-to-exploit security hole in your system... (unless, of
course, you can ensure that nobody ever uses your system over WiFi.)

/Janne



--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better
price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires February
28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] stripes+yui

[Stone, Timothy]

We've launched a huge project pairing YUI and Stripes. 

As Yee later notes, the YUI and Stripes are independent. There is no
"integration" of the stacks, e.g., Dojo and Struts. And IMHO no need to
integrate the stacks at the Stripes Tag level (though bgunter may want
to speak up here).

You can see much of how we integrated the stacks at
http://bit.ly/apple-card.  Not asking you to apply (though you may want
too!), just click through to the application. Also not saying the
example perfect, but it works well (but could use some refactoring).

Regards,
Tim

-Original Message-
From: Joaquin Valdez [mailto:joaquinfval...@gmail.com] 
Sent: Thursday, February 10, 2011 8:55 PM
To: Stripes Users List
Subject: [Stripes-users] stripes+yui

Hello!

Wondering if anyone has any resources on using stripes with Yui?  Saw an
article by Freddy, but it looks like a broken link. 

Thanks!

Joaquin Valdez
joaquinfval...@gmail.com





--
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio
XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users



Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.



--
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] How to iterate on a list

[Stone, Timothy]

What platform are you running this on?

 

Thanks,

Tim

 

From: Laurent Pellegrino [mailto:laurent.pellegr...@gmail.com] 
Sent: Friday, May 20, 2011 1:22 PM
To: stripes-users@lists.sourceforge.net
Subject: [Stripes-users] How to iterate on a list

 

Hi all,

 

I have an ActionBean which has the following field with its associated getter 
and setter:

private List results;

 

The ArrayList is created and populated in the DefaultHandler method. Then, I 
want to print the results list value in my JSP. The JSP file contains the 
following lines:

 



${result.myField}



 

The MyObject instances contain a field myField with its associated getter and 
setter. Moreover, when I add a sysout before to return the Resolution in my 
DefaultHandler method I can see that my list contains several entries. My issue 
is that nothing is print to the screen. 

 

Does my JSP code is wrong?

 

Kind Regards,

 

Laurent


Barclays www.barclaycardus.com

This e-mail and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.
--
What Every C/C++ and Fortran developer Should Know!
Read this article and learn how Intel has extended the reach of its 
next-generation tools to help Windows* and Linux* C/C++ and Fortran 
developers boost performance applications - including clusters. 
http://p.sf.net/sfu/intel-dev2devmay___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Stripes and Angular.js

[Stone, Timothy]

Slightly confused.

1. Angular is going to work on the returned response to the client and perform 
general DOM hijacking. Unsure why stripes is involved. Do you have a unit test 
we can review?

2 .Have you looked at the stripes dynamic TLD? It allows dynamic attributes in 
the JSP tags

HTH
Tim


From: Joe Adams [mailto:joe.ad...@vividseats.com]
Sent: Friday, September 14, 2012 10:47 AM
To: Stripes Users List 
Subject: [Stripes-users] Stripes and Angular.js

Hi,

We were interested in using Angular.js.  However, this might be a problem 
because Angular puts attributes in your html and Stripes JSP tags don't really 
allow any custom attributes in your html tags.  Has anyone found a way to use 
Stripes with Angular or another library that uses custom html attributes?

Has anyone wrote a good extension to Stripes tags that allows the use of custom 
attributes in the tags?

Thanks,
Joe

Barclaycard
www.barclaycardus.com 

This email and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.
--
Got visibility?
Most devs has no idea what their production app looks like.
Find out how fast your code is with AppDynamics Lite.
http://ad.doubleclick.net/clk;262219671;13503038;y?
http://info.appdynamics.com/FreeJavaPerformanceDownload.html___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] SSL newbie

[Stone, Timothy]

Adam stole my thunder... :) If you're carrying session data between secure and 
non-secure sections, you will lose one in transit for precisely why Adam said.

If you're in a secure area make sure it's always secure. Are you performing any 
SSL offloading at Apache? I have found that offloading SSL at the Apache HTTPD 
front end to be significantly easier to manage than in Tomcat/WebLogic/[pick 
container]

Tim

From: Adam Stokar [mailto:ajsto...@gmail.com]
Sent: Monday, September 17, 2012 10:24 AM
To: Stripes Users List
Subject: Re: [Stripes-users] SSL newbie

Hey Brian,

You should force all your requests to https to ensure that no one can change 
the url from a secure page to a non-secure page.   Then you can add a Stripes 
Interceptor that checks if the request requires https or not and allow the ones 
that don't to pass through.  Keep in mind that "switching" between http and 
https isn't really possible if you intend to use a session variable on the 
server side.  Browsers create a new session id when you switch between the two, 
even if the rest of the url is the same.

- Adam

On Mon, Sep 17, 2012 at 10:16 AM, Brian McSweeney 
mailto:brian.mcswee...@gmail.com>> wrote:
Hi guys,

I have a stripes webapp that I would like to add SSL support for in a few pages 
only.

I've come from a struts background where we had ssl-ext as an extension which 
simplified this. I've also searched the archives and come across 
http://www.stripesframework.org/jira/browse/STS-239 and some questioning 
threads about this topic none of which have been comprehensively resolved to me.

Can someone point me at a solution/approach to securing a few pages in stripes 
and switching between http and https?

cheers,
Brian

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users



Barclaycard
www.barclaycardus.com 

This email and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Liferay portlets

[Stone, Timothy]

Azizi,

To state that Stripes adoption and use hinges on JSR-168/286 support in the 
library is a strawman argument; it would be akin to correlate Spring MVC 
success/adoption solely on portlet support.

FWIW, my vote would be “No” for direct JSR-286 support in Stripes to the 
committer team. Frankly, JSR-286 is all but dead, practically only supported by 
Liferay (which is a great product, but I would never recommend it if only 
because it is intended as a JSR-168/286 stack). The portlet specs are, at best, 
on lifesupport with Oracle, IBM and JBoss (RedHat) in favor of OpenSocial 
compatible APIs, e.g., like Apache Rave and Apache Shindig.

Finally, some thoughts on where JSR-168/286 is in 2012 from 2009 that nicely 
contrasts the promising beginnings with the realities of use, implementation, 
and age: 
http://today.java.net/pub/a/today/2009/01/20/jsr-286-portlet-irrelevance.html

Bottomline, I can do “portals” without a single portlet. However, I do 
sympathize with those that are forced into a Portlet platform, any one. I’ve 
been there. Worse architecture experience of my career.

Regards,
Tim

From: azizi yazit [mailto:aziziya...@gmail.com]
Sent: Friday, October 05, 2012 8:42 AM
To: Stripes Users List
Subject: Re: [Stripes-users] Liferay portlets


If stripes want the framework to be used by more ppl, let's start provide that.
On Oct 5, 2012 8:38 PM, "Thomas Menke" 
mailto:stripe...@cipher-code.de>> wrote:
On 10/04/2012 08:26 PM, Grzegorz Krugły wrote:
> In the project I'm on right now I'm forced to develop Liferay projects.
> It's a road through pain. I am wondering if anyone tried and was
> successful in using Stripes for portlet development? Is there some kind
> of integration available?

I faced the same challenge a while ago. But it turned out to be not as
easy as I hoped it would be. Eventually I ended up using Spring MVC
which supports JSR-286.

Thomas

--
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Barclaycard
www.barclaycardus.com 

This email and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.
--
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] Input with non-standard character input

[Stone, Timothy]

If you use Tomcat, but sure to set the server encoding as well.

According to the URIencoding attribute documentation in Tomcat, set "... the 
character encoding used to decode the URI bytes, after %xx decoding the URL. If 
not specified, ISO-8859-1 will be used.".

For example:




From: Joe Adams [mailto:joe.ad...@vividseats.com]
Sent: Wednesday, December 26, 2012 10:15 AM
To: Stripes Users List
Subject: Re: [Stripes-users] Input with non-standard character input

Thank you, Matthijs!  While it is not really a Stripes problem, I was hoping 
there was a Stripes solution.  Setting my character encoding on the page 
doesn't help.  However, I can solve the issue by just eliminating the one bad 
character I always get.

Thanks,
Joe

From: Matthijs Laan [matthijsl...@b3partners.nl]
Sent: Saturday, December 22, 2012 3:56 AM
To: Stripes Users List
Subject: Re: [Stripes-users] Input with non-standard character input


From: Joe Adams 
[mailto:joe.ad...@vividseats.com]
To: 
stripes-users@lists.sourceforge.net 
[mailto:stripes-users@lists.sourceforge.net]
Sent: Fri, 21 Dec 2012 21:15:41 +0100
Subject: [Stripes-users] Input with non-standard character input
I have an input in which symbols like © can be entered.  Inside my action, the 
input variable has the text © where ever the the © was inputted.  How can I 
fix this?

I don't think your problem is stripes-specific, but it is a very common problem 
in web applications. See this page (also relevant if you don't use Tomcat):

http://wiki.apache.org/tomcat/FAQ/CharacterEncoding

The problem you most likely have is

"Most web browsers today do not specify the character set of a request, even 
when it is something other than ISO-8859-1. This seems to be in violation of 
the HTTP specification. Most web browsers appear to send a request body using 
the encoding of the page used to generate the POST (for instance, the  
element came from a page with a specific encoding... it is that encoding which 
is used to submit the POST data for that form)."

If you only need special characters in POST requests I would recommend setting 
all HTML pages you with your forms to UTF-8 and using the 
org.apache.catalina.filters.SetCharacterEncodingFilter (you can copy this 
filters' code to your application code if you don't use Tomcat).

Matthijs


Barclaycard
www.barclaycardus.com 

This email and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
and much more. Keep your Java skills current with LearnJavaNow -
200+ hours of step-by-step video tutorials by Java experts.
SALE $49.99 this month only -- learn more at:
http://p.sf.net/sfu/learnmore_122612 ___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users

Re: [Stripes-users] switch to https

[Stone, Timothy]

This seems to me to be a solved problem that is not directly a Stripes problem 
or a problem needing to be found in a Stripes solution.


1.   You can do this in Apache (not so much direct Tomcat, where Chris, 
downthread, gives an application context solution)
In your Directory, Location or VHost, require SSL:
SSLRequireSSL # this will outright deny access with HTTPS. May not be what you 
need.

We actually force SSL in non-secure domains with a RewriteCond and Rule
RewriteCond %{HTTPS} != "on"
RewriteRule  ^/(.*)$ https://www.domain.com/$1


2.   If you want to force HTTPS in a login, POST to HTTPS, e.g, https://...";  method="post" ...>, this will force negotiation of the 
secure channel before accidently leaking login information
This technique was formerly discouraged, but in wide use today. It will also 
solve the session state issue.

Hope this helps,
Tim

From: Chris Cheshire [mailto:cheshira...@gmail.com]
Sent: Friday, April 19, 2013 11:35 AM
To: Stripes Users List
Subject: Re: [Stripes-users] switch to https

I use essentially the same thing - the Tuckey URLRewrite servlet filter. 
Unfortunately it breaks form posts which is why I was wondering whether there 
is a way to build the url with https.


On Fri, Apr 19, 2013 at 11:28 AM, Adam Stokar 
mailto:ajsto...@gmail.com>> wrote:
I use a stripes interceptor.  If any request comes in that is supposed to be 
secure, it will redirect to the https version.


if(isSecure(request) && url.indexOf("https") != 0) {

url = url.replace("http", "https");

return new RedirectResolution(url,false);

}

On Fri, Apr 19, 2013 at 11:22 AM, Chris Cheshire 
mailto:cheshira...@gmail.com>> wrote:
No, I want to know how to switch from http to https without using url rewriting 
(apache, tomcat filter) if possible. I'm fine with everything being https once 
the switch is made, I just need to know how to make the switch when building 
links via stripes:link or stripes:form where possible.

On Fri, Apr 19, 2013 at 10:18 AM, Adam Stokar 
mailto:ajsto...@gmail.com>> wrote:
I had to deal with this a long time ago.  The best solution was to make all 
pages use https.  When you switch from http to https, a new session id is 
created and it complicates everything.  Is there a reason you need http?

On Fri, Apr 19, 2013 at 10:13 AM, Chris Cheshire 
mailto:cheshira...@gmail.com>> wrote:
How do I tell a stripes:link or stripes:form that I want it to switch to https? 
Eg. Start at a non-secure page and switch to https on login.

Do I have to use url rewrite rules, or is there something in Stripes I can use?

Thanks

Chris

--
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users


--
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users


--
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users


--
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
___
Stripes-users mailing list
Stripes-

Re: [Stripes-users] Setting response headers from inside layout code

[Stone, Timothy]

Mike,

Matt highlights something that is cleverly enforced in the Stripes
platform, the Front Controller pattern and what Freddy Daoud terms the
³pre-action² pattern. These patterns discourage ³direct-to-JSP² access.
When using the Stripes tag library with the layouts, as in your examples,
you are seeing this enforcement.

The ideas are more clearly expressed in Freddy¹s book, /Stripes...and Java
web development is fun again./ (PragProg,
http://pragprog.com/book/fdstr/stripes).


> The ³pre-action² pattern
> A good practice in a Stripes application is to use what is known as the
>³pre-action² pattern. This consists of always having requests go to  >
>Action Beans rather than directly to JSPs. We did this in the example‹
>both links target HelloActionBean using the beanclass= attribute of
> the  tag. There are no direct links to hello.jsp. In fact, we
>made sure of that by placing the JSP file in the /WEB-INF/jsp
> directory. In Java web applications, files anywhere under /WEB-INF
>cannot be accessed by the browser.

> Using the pre-action pattern has the following advantages:
> * ensures that the current Action Bean will be available in the JSP
>using ${actionBean}
> * routes requests through Action Beans, involving the full Stripes
>request-response lifecycle and
>   giving us more control over what happens between the stages of this
>lifecycle
> * restricts the URLs used to access the application, making it easier to
>control security
> * targets Action Beans instead of JSPs, making our code refer to class
>names instead of URLs













On 7/14/14, 4:19 AM, "Matthijs Laan"  wrote:

>On 2014-07-11 22:28, Mike McNally wrote:
>> I'm noticing that I can't set HTTP response headers from code that's
>> in a  when it's invoked. Debugging a little (I
>> wrote a little tag class to experiment) I note that I can successfully
>> call "setHeader" or "setContentType", but they have no apparent
>> effect; immediately calling "getContentType" on the Response object
>> returns a different string than passed to "setContentType".
>>
>> When that code runs, it's using a wrapped version of the
>> ServletResponse. From outside the context of a Stripes layout, that
>> test tag works just fine.
>>
>> Is this a situation that I should expect? Is there any way around
>> that? I need to set the content type inside a layout because that's
>> where the need for it is determined (it's deciding between JSON and
>>HTML).
>>
>
>Rewrite your code so you decide the content type in your ActionBean. In
>the MVC model the view (resolution) should only display your model, the
>controller (actionbean) should decide which view to use.
>
>For JSON I usually return a Resolution like:
>
>   new StreamingResolution("application/json", new
>StringReader(json.toString(4)));
>
>Matthijs
>
>
>--
>
>Want fast and easy access to all the code in your enterprise? Index and
>search up to 200,000 lines of code with a free copy of Black Duck®
>Code Sight™ - the same software that powers the world's largest code
>search on Ohloh, the Black Duck Open Hub! Try it now.
>http://p.sf.net/sfu/bds
>___
>Stripes-users mailing list
>Stripes-users@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/stripes-users


Barclaycard

www.barclaycardus.com

This email and any files transmitted with it may contain confidential and/or 
proprietary information. It is intended solely for the use of the individual or 
entity who is the intended recipient. Unauthorized use of this information is 
prohibited. If you have received this in error, please contact the sender by 
replying to this message and delete this material from any system it may be on.

--
Want fast and easy access to all the code in your enterprise? Index and
search up to 200,000 lines of code with a free copy of Black Duck®
Code Sight™ - the same software that powers the world's largest code
search on Ohloh, the Black Duck Open Hub! Try it now.
http://p.sf.net/sfu/bds
___
Stripes-users mailing list
Stripes-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/stripes-users